US 20070192598 A1 Abstract A system stores pedigrees that include details of how and when each of multiple blocks of encryption key material were distributed between two endpoints using quantum cryptographic techniques. The system receives an indication of a possible quantum cryptographic security violation and accesses the stored pedigrees to identify one or more of the multiple blocks of encryption key material that may have been compromised.
Claims(23) 1. A method, comprising:
communicating a sequence of symbols using quantum cryptographic mechanisms between two nodes to derive a block of encryption key material; and constructing a pedigree that includes details of how and when the block of encryption key material was produced using the quantum cryptographic mechanisms. 2. The method of 3. The method of using the stored pedigree when investigating possible quantum cryptographic key distribution security violations. 4. The method of publicly discussing the communicated sequence of symbols between the two nodes to derive the block of encryption key material from the sequence of symbols. 5. The method of storing the constructed pedigree in a database. 6. The method of using the block of encryption key material for encrypting traffic sent between the two nodes via a public channel. 7. The method of transmitting the pedigree across a network to store the pedigree in the database. 8. The method of appending a digital signature to the constructed pedigree to certify its authenticity. 9. The method of a) whether an underlying optical system used for symbol communication using quantum cryptographic mechanisms is based on an attenuated laser pulse, a true single photon source, or pairs of entangled photons; b) a mean photon number if an underlying optical system used for symbol communication using quantum cryptographic mechanisms comprises an attenuated laser; c) error bounds that an error detection and correction protocol associated with the symbol communication using quantum cryptographic mechanisms is designed to achieve; d) an amount of privacy amplification used for deriving the block of encryption key material; e) an identification of the two nodes that participated in the symbol communication using quantum cryptographic mechanisms; f) a unique identifier for the sequence of symbols communicated using quantum cryptographic mechanisms; g) times at which the block of encryption key material was derived, including the starting and ending times for communicating the sequence of symbols using quantum cryptographic mechanisms; h) an observed error rate associated with the communication of the sequence of symbols; i) an estimated entropy rate for the derived block of encryption key material; j) times at which QKD protocols that derived the block of encryption key material operated; k) an identification of one or more of QKD protocols used to derive the block of encryption key material; l) a size of the block of encryption key material; m) parameters of a security guarantee associated with the block of encryption key material; or n) a random number(s) used in deriving the block of encryption key material. 10. A system, comprising:
a quantum cryptographic transmitter configured to transmit a sequence of symbols using quantum cryptographic mechanisms to a node; a network interface configured to publicly discuss the transmitted sequence of symbols with the node to derive the block of encryption key material from the sequence of symbols; and a processing unit configured to construct a pedigree that includes details of how and when the block of encryption key material was produced using the quantum cryptographic mechanisms. 11. A method, comprising:
communicating symbols using quantum cryptographic mechanisms between a first endpoint and a second endpoint; publicly discussing the symbols between the first endpoint and the second endpoint to obtain a block of encryption key material; noting parameters associated with the quantum cryptographic symbol transmission and/or the public discussion; and storing the noted parameters as a pedigree for the block of encryption key material. 12. The method of 13. The method of using the pedigree when investigating possible quantum cryptographic key distribution security violations. 14. The method of 15. The method of a) whether an underlying optical system used for symbol communication using quantum cryptographic mechanisms is based on an attenuated laser pulse, a true single photon source, or pairs of entangled photons; b) a mean photon number if an underlying optical system used for symbol communication using quantum cryptographic mechanisms comprises an attenuated laser; c) error bounds that an error detection and correction protocol associated with the symbol communication using quantum cryptographic mechanisms is designed to achieve; d) an amount of privacy amplification used for obtaining the block of encryption key material; e) an identification of the first endpoint and/or second endpoint that participated in the symbol communication using quantum cryptographic mechanisms; f) a unique identifier for the symbols communicated using quantum cryptographic mechanisms; g) times at which the block of encryption key material was obtained, including the starting and ending times for communicating the symbols using quantum cryptographic mechanisms; h) an observed error rate associated with the communication of the symbols; i) an estimated entropy rate for the obtained block of encryption key material; j) times at which QKD protocols that were used to obtain the block of encryption key material operated; k) an identification of one or more QKD protocols used to obtain the block of encryption key material; or l) information related to authentication used in publicly discussing the communicated symbols. 16. A system, comprising:
a quantum cryptographic receiver configured to receive symbols transmitted from a node using quantum cryptographic mechanisms; a network interface configured to publicly discuss the received symbols with the node to obtain a block of encryption key material; and a processing unit configured to:
identify parameters associated with the symbol transmission and/or the public discussion, and
store the identified parameters as a pedigree for the block of encryption key material. 17. A method, comprising:
storing pedigrees that include details of how and when each of a plurality of blocks of encryption key material were distributed between two endpoints using quantum cryptographic techniques; receiving an indication of a possible quantum cryptographic security violation; and accessing the stored pedigrees to identify one or more of the plurality of blocks of encryption key material that may have been compromised. 18. The method of accessing the stored pedigrees to determine how and when the identified one or more of the plurality of blocks of encryption key material were distributed. 19. The method of 17, wherein accessing the stored pedigrees to identify one or more encryption keys that may have been compromised further comprises:
using the stored pedigrees to identify encryption material that may have been compromised by an eavesdropper. 20. A method, comprising:
storing pedigrees that include details of how and when each of a plurality of blocks of encryption key material were produced using quantum cryptographic techniques; and using the stored pedigrees to ascertain the extent and/or nature of a possible security violation. 21. A system, comprising:
a database configured to store pedigrees that include details of how and when each of a plurality of blocks of encryption key material were produced using quantum cryptographic techniques; a processing unit configured to:
receive an indication of a possible quantum cryptographic security violation, and
access the stored pedigrees to identify one or more encryption keys that may have been compromised.
22. A computer-readable medium that stores computer-executable instructions, comprising:
instructions for transmitting symbols using quantum cryptographic mechanisms via a quantum channel to a node; instructions for discussing the transmitted symbols with the node via a public channel to derive a block of encryption key material; and instructions for constructing a pedigree that includes details of how and when the block of encryption key material was produced using quantum cryptographic techniques. 23. A system, comprising:
means for storing pedigrees that include details of how and when each of a plurality of blocks of encryption key material were produced using quantum cryptographic techniques; and means for using the stored pedigrees to ascertain the extent or nature of a possible security violation. Description The U.S. Government has a paid-up license in this invention and the right in limited circumstances to require the patent owner to license others on reasonable terms as provided for by the terms of Contract No. F30602-01-C-0170, awarded by the Defense Advanced Research Project Agency (DARPA). The present invention relates generally to cryptographic systems and, more particularly, to quantum cryptographic systems. Within the field of cryptography, it is well recognized that the strength of any cryptographic system depends on, among other things, the key distribution technique employed. For conventional encryption to be effective, such as a symmetric key system, two communicating parties must share the same key and that key must be protected from access by others. The key must, therefore, be distributed to each of the parties. To combat these inherent deficiencies in the key distribution process, researchers have developed a key distribution technique called quantum cryptography. Quantum cryptography employs quantum systems and applicable fundamental principles of physics to ensure the security of distributed keys. Heisenberg's uncertainty principle mandates that any attempt to observe the state of a quantum system will necessarily induce a change in the state of the quantum system. Thus, when very low levels of matter or energy, such as individual photons, are used to distribute keys, the techniques of quantum cryptography permit the key distributor and receiver to determine whether any eavesdropping has occurred during the key distribution. Quantum cryptography, therefore, prevents an eavesdropper, like Eve, from copying or intercepting a key that has been distributed from Alice to Bob without a significant probability of Bob's or Alice's discovery of the eavesdropping. A well known quantum key distribution scheme involves a quantum channel, through which Alice and Bob send keys using polarized or phase encoded photons, and a public channel, through which Alice and Bob send ordinary messages. Since these polarized or phase encoded photons are employed for quantum key distribution (QKD), they are often termed QKD photons. The quantum channel is a transmission medium that isolates the QKD photons from interaction with the environment. The public channel may include a channel on any type of communication network such as a Public Switched Telephone Network, the Internet, or a wireless network. An eavesdropper, Eve, may attempt to measure the photons on the quantum channel. Such eavesdropping, however, will induce a measurable disturbance in the photons in accordance with the Heisenberg uncertainty principle. Alice and Bob use the public channel to discuss and compare the photons sent through the quantum channel. If, through their discussion and comparison, they determine that there is no evidence of eavesdropping, then the key material distributed via the quantum channel can be considered completely secret. Alice and Bob then estimate Alice and Bob may also implement an additional privacy amplification process In accordance with the purpose of the invention as embodied and broadly described herein, a method may include communicating a sequence of symbols using quantum cryptographic mechanisms between two nodes to derive a block of encryption key material. The method may further include constructing a pedigree that includes details of how and when the block of encryption key material was produced using the quantum cryptographic mechanisms. Consistent with a further aspect of the invention, a method may include communicating symbols using quantum cryptographic mechanisms between a first endpoint and a second endpoint and publicly discussing the symbols between the first endpoint and the second endpoint to obtain a block of encryption key material. The method may further include noting parameters associated with the quantum cryptographic symbol transmission and/or the public discussion and storing the noted parameters as a pedigree for the block of encryption key material. Consistent with another aspect of invention, a method may include storing pedigrees that include details of how and when each of multiple blocks of encryption key material were distributed between two endpoints using quantum cryptographic techniques. The method may further include receiving an indication of a possible quantum cryptographic security violation and accessing the stored pedigrees to identify one or more of the plurality of blocks of encryption key material that may have been compromised. Consistent with yet another aspect of the invention, a method may include storing pedigrees that include details of how and when each of multiple blocks of encryption key material were produced using quantum cryptographic techniques. The method may further include using the stored pedigrees to ascertain the extent and/or nature of a possible security violation. The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate one or more exemplary embodiments of the invention and, together with the description, explain the invention. In the drawings, The following detailed description of the invention refers to the accompanying drawings. The same reference numbers in different drawings identify the same or similar elements. Also, the following detailed description does not limit the invention. Instead, the scope of the invention is defined by the appended claims. Systems and methods consistent with principles of the invention construct and store quantum cryptographic key pedigrees that may include relevant details of how and when blocks of key material were produced using quantum cryptographic key distribution techniques. The stored key pedigrees may subsequently used to ascertain the extent and/or nature of a possible security violation that may have occurred in association with the quantum key distribution process. Network Optical link/network Furthermore, optical link/network QKD endpoints It will be appreciated that the number of components illustrated in Input device QKD receiver The interface layer Sifting layer Error detection and correction layer Privacy amplification layer Authentication layer Client(s) SPD The exemplary process may begin with the retrieval of a sequence of cryptographic key symbols (block The transmitted sequence of key symbols may then be discussed, via the public channel, with the destination QKD endpoint to obtain a block of key material (e.g., a group of key symbols) (block Parameters associated with the transmission using the quantum channel and/or the discussion using the public channel may be noted (block - 1) whether the underlying optical system used for quantum cryptographic key transmission is based on an attenuated laser pulse, a true single photon source, or pairs of entangled photons;
- 2) for attenuated laser pulses, the mean photon number (e.g., 0.1 photons per laser pulse) and an indication of the decoy state if decoy states are being employed;
- 3) the error bounds that the error detection and correction protocol is designed to achieve;
- 4) the amount of privacy amplification applied;
- 5) an identification of the QKD endpoints that participated in the quantum cryptographic key transmission and reception;
- 6) the unique identifiers for all sequences (e.g., frames) of quantum cryptographic key symbols that went into a block of key material;
- 7) the times at which the block of key material were derived, including the starting and ending times for quantum channel communication and the starting and ending times of public channel discussion (i.e., in coordinated universal time);
- 8) the maximum observed quantum bit error rate (QBER), and average observed bit error rate, during the intervals over which the block of key material was derived;
- 9) the estimated entropy rate for the block of key material at the time it was produced (before privacy amplification);
- 10) the times at which the QKD protocols that derived the block of key material were operated (e.g., starting and ending times in coordinated universal time);
- 11) an identification of one or more of the QKD protocols used to derive the block of key material (e.g., an identification of the sifting protocol, the entropy estimation protocol, the privacy amplification protocol, etc.);
- 12) information related to authentication of the public channel used in discussing the key symbols transmitted using quantum cryptographic mechanisms. Such information may include, for example, an identification of the kind of authentication used on the public channel (e.g., public key authentication with RSA signatures, secret key authentication with keys derived from quantum cryptography, hybrid public/secret key authentication employing both RSA signatures and keys derived using quantum cryptography, etc.) and may additionally include a unique identifier for the actual key material used in the public channel authentication;
- 13) a size of the block of key material;
- 14) parameters of a security guarantee associated with the block of key material;
- 15) a random number(s) used in deriving the block of key material;
- 16) statistical information regarding raw detections associated with the sequence of cryptographic key symbols (revealing, for example, if one symbol is significantly more prevalent);
- 17) identifiers of other keys used to construct the block of key material (e.g., if key relay is used); and/or
- 18) summary information (e.g., statistical data) about any decoy states and, for each decoy state, the reception rate and the error rate.
The parameters listed above represent a few illustrative examples of the types of parameters associated with the key transmission using the quantum channel and/or the discussion using the public channel. Other parameters not described herein may be noted and used in a key pedigree consistent with principles of the invention. Parameters associated with classical cryptographic techniques may also be noted. For example, classic key agreement primitives used for encrypting symbols between QKD endpoints**410***a*and**410***b*may be noted for inclusion in the key pedigree.
A QKD key material pedigree may be constructed, that includes the noted parameters, for the block of key material (block The block of key material Key identifier A digital signature The exemplary process may begin with the reception, via the quantum channel, of a sequence of cryptographic key symbols from a source QKD endpoint (block Parameters associated with the transmission using the quantum channel and/or discussion using the public channel may be noted (block A QKD key material pedigree may be constructed that includes the noted parameters (block A digital signature may be appended to the pedigree to certify its authenticity (optional block The exemplary process may begin with the receipt of a possible quantum cryptographic security violation (block The key pedigree database(s) The key pedigree database(s) The foregoing description of exemplary embodiments of the present invention provides illustration and description, but is not intended to be exhaustive or to limit the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of the invention. For example, while certain components of the invention have been described as implemented in software and others in hardware, other configurations may be possible. As another example, while some embodiments of the present invention have been described as using optical QKD pulses (i.e., photon pulses) for encoding and transmitting cryptographic keys, it will be appreciated that other non-optical pulses that include, for example, individual atoms, electrons, etc., may alternatively be used. In embodiments employing non-optical pulses, the individual quantum particles (e.g., atoms, electrons) may be modulated to encode cryptographic key symbols. While a series of acts has been described with regard to Referenced by
Classifications
Legal Events
Rotate |